From owner-freebsd-security  Thu Aug 30 20:38:28 2001
Delivered-To: freebsd-security@freebsd.org
Received: from theinternet.com.au (co3040619-a.kelvn1.qld.optushome.com.au [203.164.207.8])
	by hub.freebsd.org (Postfix) with ESMTP id B182237B401
	for <security@FreeBSD.ORG>; Thu, 30 Aug 2001 20:38:22 -0700 (PDT)
	(envelope-from akm@theinternet.com.au)
Received: (from akm@localhost)
	by theinternet.com.au (8.11.4/8.11.4) id f7V3Psh88783;
	Fri, 31 Aug 2001 13:25:54 +1000 (EST)
	(envelope-from akm)
Date: Fri, 31 Aug 2001 13:25:54 +1000
From: Andrew Kenneth Milton <akm@theinternet.com.au>
To: Kris Kennaway <kris@obsecurity.org>
Cc: Blaz Zupan <blaz@inlimbo.org>, security@FreeBSD.ORG
Subject: Re: Security update packages don't recognized patched 4.3-RELEASE
Message-ID: <20010831132554.T21855@zeus.theinternet.com.au>
References: <20010830222555.M49399-100000@gold.inlimbo.org> <20010830184700.D27546@xor.obsecurity.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <20010830184700.D27546@xor.obsecurity.org>; from Kris Kennaway on Thu, Aug 30, 2001 at 06:47:00PM -0700
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

+-------[ Kris Kennaway ]----------------------
| On Thu, Aug 30, 2001 at 10:28:55PM +0200, Blaz Zupan wrote:
| > I usually cvsup RELENG_4_3 to update our servers, but this time I wanted to
| > quickly patch the lpd hole by simply installing the update package.
| > Unfortunatelly it complains that it can only be installed on 4.3-RELEASE.
| > Well, I *am* running 4.3-RELEASE, but patched up to 4.3-RELEASE-p14. I believe
| > the +INSTALL script should support this, what do others think?
| 
| It was a deliberate decision to only support 4.3-RELEASE, not
| arbitrary cvsup dates of RELENG_4_3 so we don't have to worry about
| possible weird package interactions with changes on that branch at
| some point.  Basically, we expect that if you can cvsup once, you can
| cvsup twice :)

Do they work with arbitrary combinations of binary updates ?

Which is to say are they generated from 4.3-RELEASE or generated from
4.3-RELEASE + previous binary updates?

I'm not sure there would be any contention there, but, I can see how
it could lead to the same situation as cvsupping (given enough updates).

-- 
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au| 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message